Monthly Archives: November 2018

New method of evaluating overall fire safety

Brand_Sikring_nr

Fire safety is not just one thing. It involves an interplay between a number of different factors. And, if one of them fails, the entire projected safety falls apart.

This is the underlying basis of the NFPA Fire & Life Safety Ecosystem, which is a new approach to fire safety that was presented at the NFPA Conference & Expo in Las Vegas in the summer of 2018.

– The method means that you don’t just look at one factor – for example, the design of the building – but you have to view fire safety from a broader perspective in order to ensure that the overall level of safety is adequate. Many factors determine whether a building is safe, and if just one element does not live up to expectations, then you don’t have the expected level of safety, says Mikael N. Gam, fire safety consultant at the Danish Institute of Fire and Security Technology, DBI.

Prudent principles in tumultuous times
In specific terms, the ecosystem encompasses eight points that must be in place.

– In a time when many of the things we have historically based our fire safety on are changing – for example, the use of many new materials with different fire safety properties, the ecosystem is a highly prudent principle to work to. For everything is interlinked and, to a far greater degree than previously, we have to be aware that numerous factors impact on overall fire safety, explains Mikael N. Gam.

The eight points in the NFPA Fire & Life Safety Ecosystem:

  1. The regulatory authorities must develop and maintain effective guidelines and laws in the field.
  2. Planning and design teams must apply the latest guidelines and regulations in the field.
  3. All standards must be referenced and complied with during all phases of a building project (design, execution, operation etc.).
  4. Safety must be invested in, and it must be prioritised in relation to training, the choice of products and the enforcement of guidelines.
  5. The workforce carrying out the construction of the building must be competent and highly trained so that it can perform the work in compliance with guidelines and regulations.
  6. An effective quality assurance system must be in place in order to enforce rules and guidelines during the construction phase.
  7. Emergency response teams must be prepared, well-trained and have the necessary equipment to be able to respond to any risks that may arise.
  8. The public must be well-informed regarding the risks and dangers posed by fires before fire safety is in order.

VdS warning: Millions of video cameras vulnerable to hacking

vds-hack

Dangerous access to nine million video cameras: Precisely the insecure cloud functions that the police and VdS have been warning against for years enable tampering with the surveillance systems of hundreds of end manufacturers. // Developers can find precise help for secure remote access in the guidelines VdS 3169, available free of charge.

The police and VdS have been warning for years against the often extreme vulnerability of insecure cloud solutions – even for components used in the security sector. The most recent example: video camera parts from one of the world´s largest manufacturers of this type (based in eastern China). Hack attempts by the Viennese IT security consultants SEC Consult revealed fast access options for nine million cameras currently in use. Program manipulations were also easily possible.
A particular problem is that although these components are used by more than a hundred end manufacturers, they are usually not listed anywhere. By the way, the botnet “Mirai” (perpetrator caught and convicted), which in 2016 paralysed large parts of the Internet including Twitter, Spotify and Netflix, drew its attack strength to a large extent from hacked components of this very manufacturer.
Sebastian Brose, Head of Product Management in the VdS Business Unit Products & Companies, explains: “Since then, optimisations have mostly not taken place. Many institutions all over the world which are highly interesting for criminals are using these vulnerable components. Hackers will not only see everything that happens there quickly and easily, but can also use the gap to enter other systems on site and misuse them as attack tools. Users of VdS-approved systems do not have such problems – after all, these are exactly the things we are testing for.”
The problem often arises because remote access via app has been made possible. Developers can find important help for a secure implementation in the free guidelines VdS 3169en (simply enter “3169en” in the search field on vds-shop.de/en ).

Caption Hack: Even cloud solutions used in the security sector are often far too easily attackable. Latest example: Nine million video cameras that are easy to hack because of an unsafe component.